** Description changed: + + [ Impact ] + probe_file consumes all the RAM of the system (128GB) excessive resource usage running a specific rule which is related to this bug [1]. This has been fixed in OpenSCAP 1.3, while Jammy runs 1.2.17. A fix for this patch has been made [2]. - Lower memory limits and improve their checking + [ Test Plan ] + + Steps to Reproduce: + 1. Create 100 users + # for i in $(seq 1 100); do useradd -N -g users user$i; echo "redhat" | passwd --stdin user$i; done + 2. Compile generate_files in attachment to generate files for the users (group is set to unused group id 9999 on purpose) + # for i in $(seq 1 100); do ./generate_files 1000 $(id -u user$i); done + 3. Compile many_files_and_threads in attachment to spawn many processes having many threads and opening many files + # for i in $(seq 1 100); do sudo -u user$i /usr/local/bin/many_files_and_threads 1000 100 & done + --> this will start 100 processes having 100 threads each, which are opening 1000 files each (shared between threads) + + 4. Run oscap + # /usr/bin/oscap xccdf eval --rule xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned --profile xccdf_org.ssgproject.content_profile_C2S --results-arf /tmp/oscap_results.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml + 5. While oscap runs, strace probe_file for some time + # timeout 10s strace -fttTvyy -o oscap_10s.strace -s 64 -p <pid of probe_file> + + look at logs for errors specifically lstat + + [ Where Problems Could Occur ] + + + [ Other Info ] Backport from upstream. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1932833 [2] https://github.com/OpenSCAP/openscap/pull/1803
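Review bot: the added "[ Where Problems Could Occur ]" section is empty, so the description carries no regression analysis for the backport. It should say what could break once the change lands. The removed line "Lower memory limits and improve their checking" was the only statement of what the fix does, so it is worth keeping under "[ Other Info ]". In "[ Test Plan ]", [ Impact ] names Jammy but step 4 evaluates ssg-rhel7-ds.xml with the C2S profile, and step 1 relies on "passwd --stdin"; state the content file and commands that are to be used on Jammy. Step 5 only says to look for lstat errors in the strace output and gives no pass criterion for probe_file memory use, which is the impact being fixed. Add an expected result for the unfixed and the fixed package.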
https://bugs.launchpad.net/bugs/2116751
Title: openscap probe_file process consumes excessive resources during CIS scan
